CVSSv3 04/07/2022

CVSSv3 Base

≤10
≤20
≤30
≤41
≤55
≤64
≤77
≤81
≤90
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤30
≤41
≤55
≤65
≤76
≤81
≤90
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤31
≤43
≤52
≤64
≤75
≤83
≤90
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤66
≤71
≤81
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTICVE
1966265.55.5
 
 
 
 
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 Privilege Escalation0.37+CVE-2020-27375
1966253.53.5
 
 
 
 
SWHKD Option Parser resource consumption0.24+CVE-2022-27819
1966246.36.3
 
 
 
 
SWHKD swhkd.sock temp file0.24+CVE-2022-27818
1966236.36.3
 
 
 
 
eZiosuite Avatar Upload unrestricted upload0.31+CVE-2022-26605
1966225.35.3
 
 
 
 
Fantec MWiD25-DS GET information disclosure0.44+CVE-2022-26591
1966217.37.3
 
 
 
 
Xiongmai HI3518E_50H10L_S39 Service Port 9530 backdoor0.44+CVE-2020-22253
1966206.45.3
 
7.5
 
 
Podium Layout/Proxy Header denial of service0.48+CVE-2022-24822
1966194.34.3
 
 
 
 
Apache NiFi Login Credential Update temp file0.51+CVE-2022-26850
1966186.36.3
 
 
 
 
PHP-CMS categorymenu.php sql injection0.51+CVE-2022-26613
1966174.43.5
 
5.4
 
 
Cisco Web Security Appliance Web-based Management Interface cross site scripting0.44+CVE-2022-20781
1966164.34.3
 
 
 
 
Cisco IP Phone 6800/IP Phone 7800/IP Phone 8800 Web-based Interface cross-site request forgery0.44+CVE-2022-20774
1966154.43.5
 
5.4
 
 
Cisco Secure Network Analytics Network Diagrams Application cross site scripting0.44+CVE-2022-20741
1966146.67.2
 
6.0
 
 
Cisco StarOS CLI command injection0.44+CVE-2022-20665
1966136.67.3
 
5.8
 
 
Cisco Web Security Appliance Web-Based Reputation Score Engine access control0.48+CVE-2022-20784
1966125.96.3
 
5.4
 
 
Cisco WebEx Meetings Application Login Authorization deserialization0.51+CVE-2022-20763
1966115.35.3
 
5.3
 
 
Cisco Email Security Appliance Service Port 199 denial of service0.37+CVE-2022-20675
1966104.62.7
 
6.5
 
 
Cisco Identity Services Engine Web-based Management Interface privileges assignment0.44+CVE-2022-20782
1966096.36.3
 
 
 
 
baigo CMS unrestricted upload0.51+CVE-2022-26607

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!